2020-09-24 14:56:23
mitre
PUBLISHED
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property portlet.resource.id.banned.paths.regexp can be bypassed with doubled encoded URLs.